Computer security systems are often used to detect malicious attacks on computing devices. For example, a computing device may include a computer security system. In this example, the computer security system may detect a malicious file that infiltrated the computing device via the Internet.
Unfortunately, some conventional computer security systems may be unable to distinguish between common malware and targeted attacks. For example, certain organizations (such as corporations and/or government entities) may have computing devices that include conventional computer security systems. In this example, the conventional computer security systems may be unable to determine whether a malicious security event represents common malware or part of a comprehensive targeted attack.
Even in the event that certain conventional computer security systems are able to distinguish between common malware and targeted attacks, these security systems may rely on a preexisting signature database. As a result, these security systems may be unable to accurately classify unknown security events (e.g., zero-day threats) as targeted attacks in the absence of updated signatures that are specifically tailored to such security events. The instant disclosure, therefore, identifies and addresses a need for improved systems and methods for classifying security events as targeted attacks.